229
PrivacyGmail for android silently overwrites links in your emails, so it can track what you open
I clicked on a link inside an email from a privacy service, and was surprised to see they used google tracking for their stuff, so I opened it in thunderbird and behold, it had no tracking.
But the worst part is... if I went back again and long pressed the link on gmail, it showed the link preview, WITHOUT the tracking. There's some kind of rule, so try it first on a new, unopened email, without long clicking. You'll need something to intercept it because the browser will just redirect to the main link.
Imagine the mailman looking at you, noting down which letters you open, it's crazy.
I noticed this thanks to link eye, an app that intercept all browser links and shows a list of supported apps, so you can redirect to the preferred one. It also displays the link, it's abandoned but still working.
I'm 99% sure I have all the privacy stuff set correctly. I suppose it may also happen on desktop/ios, but I have no way to check it
Also fedia is not showing me a field to set the post title, so I'm sorry if everything ends up in the title or if the title is empty
Outlook replaces weblinkes in emails as well, to a "safelinks" redirect URL. Certainly a security feature, but man it's annoying. Not just the redirect, and the potential tracking, but when a readable URL to my build server build turns into a multiline cryptic unreadable mess and then pollutes my webbrowser history - fuck.
I already thought about a Thunderbird extension where I can replace them back to their original.
(My workplace uses Outlook.)
gmail does this in general. whats really annoying is you can use the browser copy clean link and im not sure if they are not following standards or what but you still get the google encapsulated link.
Within the last week or two I started fully committing to Tuta and I don't give out any of my gmail addresses for anything. I wish I'd done it sooner.
Soon (maybe this week) I'm going to buy a device to use as an Immich server. People online say they've had good performance with a Raspberry Pi 5 so I'll probably try that first.
Fuck Google.
Absolutely everything is tracked in Gmail. Spend an extra second hovering over the send button for Sara's email and it will be in their data model for you. That's the whole point of Gmail for them.
Even without redirect links, it would be entirely possible to use other app mechanisms to track which links are clicked.
Yes, this is shitty and grey pattern behaviour designed to fool even more seasoned email users into giving up more privacy.
However, do not use gmail for anything if you value your privacy. Failing that, there is no need to ever use the Gmail app, can easily use any of a hundred other mail apps on Android.
I already have another service, sadly these are "legacy" accounts that I cannot discard
The issue isn't even which app you read email with anyway; Google is actually modifying your raw email content to embed links within tracking urls. They do it to calendar links as well, and they've been doing this for at least a few years now.
Then use the thunderbird app!
And/or try to change the email address these services use
It's not just their mobile app. Gmail on desktop browsers (firefox) does something similar. You can see it in your "history" after clicking a link.
Outlook does this, too. All in the name of security, of course.
Can confirm.
Not shocking as how else does google pay for Gmail if it can't build a better advertising profile on you?
Hi, just tested and it's not doing this to me. Links are showing, copying, and opening correctly.
May I ask how you checked for any redirects?
mine is redirecting to Google first. fucking gross, the fact that they are doing this on mobile only, where it's harder to notice it is shitty as hell
Same, I click a link and see a moment of it loading "www.google.com" before loading the actual site linked
Do K9 or thunderbird mail on Android do this? (even if you use gmail as backend?)
No, only the official google clients do link hijacking. Thunderbird doesn't do it.
